writing a program for hiding processes from ps command result

I want to write a kernel module that can hide a process from user view by removing it from ps command resu开发者_如何学编程lt and able me to view hidden processes.

Can anyone give me a walk-through for writing this program?

I believe most root-kits would include something like this, and that root-kits are the only reason I can think of for writing something like this.

If you see some other, more valid, use, please enlighten me. (Honey pots are not a good answer, since you're much better off running them in a virtual machine observed from the outside in the first place.)